Basic Theorems of Elliptic Curves

Jonathan Cass
10/14/09

Abstract
An elliptic curve E is the locus of solutions to a degree 3 equation. Many
interesting results are obtained by looking at the structure of the solutions
whose coordinates are in various fields. We denote the solutions to E with
coordinates in a ring F by E(F ). We can introduce a group structure on E(F ),
and then examine what kinds of groups we get when F is one of a number of
different fields. In this talk we will discuss the structure of E(C), E(R), E(Q),
and E(Zp ). The main theorems to be proven are that E(C) is isomorphic to a
torus and that E(Q) is a finitely generated group.

Content
The Basic Definition
An elliptic curve is the locus of solutions to a polynomial equation in two variables of the form
y 2 = x3 + ax2 + bx + c
or, as is birationally equivalent, of the form
y 2 = x3 + ax + b
we will use either form as is convenient.
An elliptic curve is said to be non-singular if it has 3 distinct roots. This is
equivalent to the condition that its discriminant = 16(4a3 + 27b2 ) is nonzero (here the E is written in the second form, so a and b are the coefficient on
x and the constant term, respectively).

The Group Law

One of the reasons that elliptic curves are interesting is that they have a natural
group structure. To start with, we introduce an identity element O at infinity.
What this means is that we are actually looking at elliptic curves in projective
space, but we will work with homogeneous coordinates and simply keep in mind

that there is a "point at infinity" that is always present. Now, given two points
P and Q on E, we can draw the line through them and this line will, in general,
intersect E at a third point - say P Q. Then we define P + Q = (P Q) O.
It is not hard to prove that this operation preserves key properties of its points
- specifically, if P and Q are rational, then so is P + Q and the same goes for
real points. Thus we get a chain of subgroups
O E(Q) E(R) E(C)
It will be useful and illustrative to give an exact formula for P + Q. First of
all, note that x(P + Q) = x(P Q) and y(P + Q) = y(P Q) since the line
through the point at infinity is vertical. Now, let P = (x1 , y1 ) and Q = (x2 , y2 )
x1
and
be distinct points on E. Say P Q = (x3 , y3 ). Next, define = xy22 y
1
assume that the line through P and Q has equation y = x + . Then the three
points at the intersection of the line and E satisfy
y 2 = (x + )2 = x3 + ax2 + bx + c
so expanding and rearranging we get
0 = x3 + (a 2 )x2 + (b 2)x + c 2
The three roots of this cubic will be the x-coordinates of the points P , Q, and
P Q - namely, x1 , x2 , x3 . Thus
x3 + (a 2 )x2 + (b 2)x + c 2 = (x x1 )(x x2 )(x x3 )
Comparing coefficients of the constant term, we obtain a 2 = x1 x2 x3
so that
x3 = 2 a x1 x2
Then plugging this back into the equation for the line, we see that
y3 = x3 + = 3 (a + x1 + x2 ) +
Therefore
P + Q = (2 a x1 x2 , 3 + (a + x1 + x2 )
Of course, this only works if P and Q are distinct points, and if we are to
turn E into a group, we must be able to compute 2P . To compute P + P , we
simply take the tangent line at P . The tangent line intersects (in most cases)
with multiplicity 2, so it will intersect the curve in one other point, which we
take to be P P . Then joining with O (or, equivalently, reflecting over the
horizontal axis) gives P + P . This will not be of much concern in this talk, but
I thought it might be useful to mention.

E(C)
Over C, elliptic curves have a very simple and elegant form. They are precisely
the surfaces of genus 1, also known as tori. To prove this we need a bit of
complex analysis, but nothing too bad.
In the complex plane we have the notion of a "doubly periodic function". A
function f is doubly periodic if there exist 1 , 2 linearly independent such that
f (z + 1 ) = f (z) = f (z + 2 ). One of the simplest examples of these is called
the Weierstrass -function. Given a lattice L C generated by 1 , 2 we define
X
1
1
1
2
(z) = 2 +
z
(z )2

L
6=0

This is a meromorphic function in the complex plane, with poles of order 2 at

each lattice point. It turns out that satisfies some very interesting differential
equations - one of which is closely related to elliptic curves:
0 (z)2 = 4(z)3 g2 (z) g3
for all z
/ L, where
g2

60

L
6=0

g3

140

L
6=0

These properties are not too difficult to verify, but we will not go into the proofs
here.
Let a non-singular elliptic curve E be given by
y 2 = x3 + ax + b
Then we see that
(2y)2 = 4x3 + 4ax + 4b
Since E is non-singular, we know that (4a)3 27(4b)2 6= 0 and therefore we
can use the uniformization theorem to find a lattice L such that g2 = 4a and
g3 = 4b. Thus we have
(2y)2 = 4x3 g2 x g3
a quick change of variables (and slight abuse of notation) gives
y 2 = 4x3 g2 x g3
Now we can look at the -function associated with the lattice that we obtained
by uniformization. This will satisfy the differential equation
0 (z)2 = 4(z)3 g2 (z) g3
3

with the same g2 and g3 that are now defining our elliptic curve. Therefore we
have a map : C E defined by z 7 ((z), 0 (z)).
We now make three claims:
1. is surjective.
2. is a homomorphism.
3. Ker = L.
1
is
To see that is surjective, take any point (x0 , y0 ) E. Then (z)x
0
an elliptic function and therefore has a pole (use Liouvilles theorem) so that
(z) x0 has a zero. Therefore there is a z0 C such that (z0 ) = x0 . So
0 (z0 )2 = y02 and (taking z0 instead of z0 if necessary) 0 (z0 ) = y0 . Thus we
see that (z0 ) = (x0 , y0 ) as claimed.
The second claim is saying that

(z1 + z2 ) = (z1 ) + (z2 )

where the addition on the left side is the regular addition of complex numbers,
while the addition on the right is the group law on the elliptic curve. This
proposition turns out to be deeper than I originally thought and we will not be
able to prove it here. It follows from the theory of divisors, however, and can
be seen in Silvermans "The Arithmetic of Elliptic Curves".
Finally, it is clear that the kernel of is the lattice L, since the identity on
the curve is the point at infinity. Therefore Im = C/L and we are done.

E(R)
The real points on a curve, E(R), are very easy to describe. Any elliptic curve
has either 1 or 3 real roots. If E has precisely 1 root, then it will be isomorphic
to the circle group - otherwise it will have 3 roots and will be isomorphic to a
product of Z2 and the circle group.

E(Q)
The rational points are perhaps the most interesting. There are two main theorems that, together, describe the structure of E(Q) very well - up to one mystery.
We have the
Mordell-Weil Theorem.
Given a non-singular elliptic curve E, E(Q) forms a finitely generated group.
So E(Q)
= Etors Zr for some r. The next theorem classifies T (E):
Mazurs Theorem.

Given a non-singular elliptic curve E, the torsion subgroup of E(Q) is one of

the following fifteen groups:
Z/N Z

N {1, 2, ..., 10, 12}

or
Z/2Z Z/2N Z

1N 4

In fact, given an elliptic curve E it is not too hard to figure out which of
these torsion subgroups E possesses. Another interesting theorem on the torsion
subgroup is that it consists entirely of points with integer coordinates - this is
the Nagell-Lutz theorem. The converse, however, is not true. It is important
to note that the Nagell-Lutz theorem implies that if the rank of E is zero, then
all rational points are integral.
Since we know that E(Q) is finitely generated and what the torsion part
looks like, the only question left about E(Q) is how to compute the rank r.
This turns out to be a very deep and difficult question and is the subject of the
famous Birch Swinnerton-Dyer Conjecture. More on this later, if there is time.
Mazurs theorem is extremely difficult, and I havent the slightest idea how
it is proved - but I can find a reference for anyone who is interested. The
Mordell-Weil theorem, on the other hand, is more tractable and we will discuss
the proof here. We follow very closely the treatment given in Silverman and
Tates "Rational Points on Elliptic Curves". We wont have time to prove all
the different parts of the theorem, but we will get the ideas of most of the proof.
Before we begin the proof, we need one more definition: given r = ab Q
written in lowest terms, we define the height H(r) = max{a, b}. Then, since
we want the height to act additively (rather than multiplicatively) we define
h(r) = log H(r). We then define the height of a point P = (x, y) as h(P ) = h(x).
To prove the Mordell-Weil theorem, we need the following four lemmas:
Lemma 1. For every real number M , the set
{P E(Q) : h(P ) M }
is finite.
Lemma 2. Let P0 be a fixed rational point on E. There is a constant 0
depending on P0 and E such that
h(P + P0 ) 2h(P ) + 0

for all P E(Q)

Lemma 3. There is a constant , depending on E, such that

h(2P ) 4h(P )

for all P E(Q)

Lemma 4. The index (E(Q) : 2E(Q)) is finite.

We will first indicate how the Mordell-Weil theorem is proved, using these lemmas - and then go back and prove them individually. So, assuming lemmas 1-4
we proceed as follows:
By lemma 4, we know that (E(Q) : 2E(Q)) is finite and so we can take a
representative from each coset, say Q1 , ..., Qn . Take P E(Q), then there is an
index i1 such that
P Qi1 2E(Q)
So for some P1 E(Q), we have
P Qi1 = 2P1
We now iterate this process to get
P1 Qi2

2P2

P2 Qi3

=
..
.
=

2P3

Pm1 Qim

2Pm

We can now represent P as

P = Qi1 + 2P1 = Qi1 + 2Qi2 + 4P2 = Qi1 + ... + 2m1 Qim + 2m Pm
so that P is in the subgroup of E(Q) generated by the Qi and Pm . We will now
use lemmas 2 and 3 to show that by choosing m large enough, h(Pm ) will be
bounded, so that by lemma 1 there will only be finitely many needed. Therefore
E(Q) will be generated by the Qi and these finitely many Pm .
Using lemma 2, we can find i for 1 i n such that
h(P Qi ) 2h(P ) + i

for all P E(Q)

Now take 0 = max{i |1 i n} so that

h(P Qi ) 2h(P ) + 0

for all P E(Q) and 1 i n

We next use lemma 3 to find such that

h(2P ) 4h(P )

for all P E(Q)

then fix j and calculate

4h(Pj ) h(2Pj ) + = h(Pj1 Qij ) + 2h(Pj1 ) + 0 +

divide through by 4 and rearrange terms to get

h(Pj )
=

1
h(Pj1 ) +
2
3
h(Pj1 )
4

0 +
4
1
(h(Pj1 ) (0 + ))
4

so, any time we have h(Pj1 ) 0 + , then

h(Pj )

3
h(Pj1 )
4

Therefore, for any starting point P , we can find an index m such that h(Pm )
0 + and
n
X
P =
ai Qi + 2m Pm
i=1

so the set
{Qi }n1 {R : h(R) 0 + }
generates E(Q) and since lemma 4 implies the first set is finite, and lemma 1
implies the second is finite, we know that E(Q) is finitely generated.
So we now need to verify the four lemmas from above. Let E be a nonsingular elliptic curve, given by y 2 = x3 + ax2 + bx + c. To prove lemma 1, we
observe that it is equivalent to the fact that the set {P E(Q) : H(P ) M }
is finite. But, given M , there are at most M 2 rational numbers with height up
to M and therefore 2M 2 rational points with these coordinates. So lemma 1 is
clear.
Lemma 2 will require somewhat more work but is still not too bad. Essentially we use the addition formula derived when the group law was stated, and
then the triangle inequality. Given distinct points P = (x, y) and P0 = (x0 , y0 )
we have
H(P + P0 )

= H(x(P + P0 ))

(y y0 )2
= H
a x x0
(x x0 )2

(y y0 )2 (x x0 )2 (a + x + x0 )
= H
(x x0 )2

In the numerator we will have y 2 x3 = ax2 + bx + c so that for some constants

A, ..., G we see that

Ay + Bx2 + Cx + D
H(P + P0 ) = H
Ex2 + F x + G
If we write x and y in lowest terms then we will have x = em2 and y =
make this substitution and clear denominators to get

Ane + Bm2 + Cme2 + De4

H(P + P0 ) = H
Em2 + F me2 + Ge4
7

n
e3 ,

we

We do not know if this fraction is in lowest terms, but cancellation would only
lessen the height. Therefore
H(P + P0 ) max{|Ane + Bm2 + Cme2 + De4 |, |Em2 + F me2 + Ge4 |}
It is evident that e H(P )1/2 and m H(P ). Less apparent, but still true, is
that n KH(P )3/2 for some K. This can be seen by substituting ( em2 , en3 ) into
the equation for E
n2 = m3 + am2 e2 + bme4 + ce6
so
|n2 | |m3 |+|am2 e2 |+|bme4 |+|ce6 | H(P )3 +|a|H(P )3 +|b|H(P )3 +|c|H(P )3
p
take K = 1 + |a| + |b| + |c| and our claim is evident. So, we can then see that
|Ane + Bm2 + Cme2 + De4 |

|Ane| + |Bm2 | + |Cme2 | + |De4 |

(|AK| + |B| + |C| + |D|)H(P )2

|Em2 | + |F me2 | + |Ge4 |

and also
|Em2 + F me2 + Ge4 |

(|E| + |F | + |G|)H(P )2
therefore
H(P + P0 ) max{|AK| + |B| + |C| + |D|, |E| + |F | + |G|}H(P )2
and so, taking logarithms,
h(P + P0 ) 2h(P ) + 0
Since this 0 does not depend on P , we are done with lemma 2.
Lemma 3 requires significant computation, but can be found in Silverman
and Tates book. In essence, it is more difficult because we need to ensure that
there is not too much cancellation, which would lower the height considerably.
Finally, lemma 4 is sometimes called the Weak Mordell-Weil Theorem. It
can be proven at many different levels of depth but is a fairly intense theorem
in and of itself. We will not go into it here, but it can be looked up in many
books.

E(Zp )
Attempts to understand E(Zp ) are still underway. The mysterious rank that
was referenced earlier seems to depend heavily on these groups. The idea is
that if an elliptic curve has a lot of primes p such that #E(Q) is large, then
it is likely to have high rank. This is formalized in the Birch Swinnerton-Dyer
conjecture, which actually says
Y
lim (s 1)r L(E, s) = #X(E)2r R(E)(#Etors (Q))2
cp
s1

Most of these terms are well beyond the scope of this talk (and my current
understanding), but, fortunately, there are many other ways of talking about
the conjecture. Specifically, there is a weaker form that we can discuss here.
First of all, we must define the L-series of an elliptic curve. We recall that
we have continually required our elliptic curve to be non-singular. This could
potentially cause problems when we reduce the equation for E, modulo p. The
new discriminant p in Zp will satisfy p (mod p) and therefore will be
zero if and only if p|. We therefore define good and bad reduction:
We say that an elliptic curve E has bad reduction at a prime p if p|.
Otherwise, E is said to have good reduction.
Now we let PE be the set of primes at which E has good reduction. Then
the L-function for E is defined as
Y
1
L(E, s) =
p+1N (p)
+ pp2s
pPE 1
ps
Since L(E, s) is an infinite product, we immediately run into issues of convergence. It is not hard to show that L(E, s) is convergent when Res > 32 however, except for in special cases, not much more than that is known. The
Birch Swinnerton-Dyer conjecture therefore splits into two parts:
1. L(E, s) has an analytic continuation defined at s = 1.
2. The order of vanishing of L(E, s) at 1 is the rank of E
So implicit in the conjecture is the fact that if E(Q) is infinite (i.e. has
non-zero rank) then L(E, 1) = 0. Coates and Wiles have proven this in the case
where E has complex multiplication. Complex multiplication is a topic of a lot
of current research but has a fairly easy definition.
Given any elliptic curve E, for each integer m, there is a multiplication-bym map from E to itself. For most elliptic curves, there are no other endomorphisms. Any curve E whose endomorphism ring is strictly greater than Z is said
to have complex multiplication. For some reason this endows it with interesting
properties - I am currently trying to learn more about this and maybe will give
another talk on it when I understand some of it.